IS IT SAFE TO ORDER ONLINE?
Yes, it is safe to shop at Bluebella with your credit or debit card.
We promise to keep your name, address, credit card details and any other information you give us secure.
Our secure server encrypts your personal information, including credit or debit card number, name and address, before it is sent over the Internet.
Your card details are presented directly to the bank for clearance and are not stored.
When you click the ‘Check out’ button, you enter the secure section of the site.
HOW CAN YOU TELL IF OUR SITE IS SECURE?
When you are in the checkout, you will see the URL begins with https and also see a locked padlock in the address bar of your Web browser, showing that you are in the secure area.
Once your order has been processed securely online, we do not keep any record of your credit card details.
Your card details are verified automatically online through the secure Shopify payment gateway.
We are happy to answer any questions you have about secure shopping with us. Click here to contact us.
The Bluebella Privacy Promise to you: Security is our priority
When we are looking after your data, our focus is on cybersecurity. We know how important your information is to you, and we promise to collect, process, store and share your data safely and securely.
We respect your privacy and security as much as you do. When you shop with us, we will only ask for personal information such as your name, email address, billing address, product selections, credit card or other payment information in order to send out your goods in a timely manner.
We may also collect information about where you are on the Internet (such as the website you came from, IP address, domain types like .co.uk and .com), your browser type, the country where your internet service provider is located, the pages of our site that were viewed during your visit, and any search terms that you used.
We may also need to share your data with our trusted payment, fraud control and marketing partners. This will only ever be shared where necessary and always in a safe and secure way.
Once your order has been processed securely online, we do not keep any record of your credit card details.
PRIVACY AND PERSONAL DATA PROTECTION
In our everyday business operations we make use of a variety of data about visitors, including data about:
- Users of our websites
- Subscribers to our newsletters
- Other stakeholders
In collecting and using this data, we are subject to a variety of new legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps we take to ensure that we comply with it.
This control applies to all systems, people and processes that constitute our information systems, including directors and employees who have access to our systems.
The following elements of the GDPR legislation are relevant to this Notice:
- Data Protection Impact Assessment Process
- Personal Data Mapping Procedure
- Legitimate Interest Assessment Procedure
- GDPR Roles and Responsibilities
- Records Retention and Protection Policy
To find out more about the details of how we protect, process, use and share your data, click to read the sections below:
DATA PROTECTION REGULATION
The General Data Protection Regulation 2016 (GDPR) is one of the new pieces of legislation affecting the way that we carry out our information processing activities. Significant fines are applicable if a breach is deemed to have occurred under the GDPR, which is designed to protect the personal data of citizens of the European Union. It is our policy to ensure that our compliance with the GDPR and other relevant legislation is clear and demonstrable at all times.
The data subject – i.e. you - also has rights under the GDPR. These consist of:
- Your right to be informed
- Your right of access
- Your right to rectification
- Your right to erasure
- Your right to restrict processing
- Your right to data portability
- Your right to object
- Your rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within Bluebella that allow the required action to be taken within the timescales stated in the GDPR.
These timescales are as follows:
|Your request||Timescale for our response|
|The right to be informed||When data is collected (if supplied by you) or within one month (if not supplied by you)|
|The right of access||One month|
|The right to rectification||One month|
|The right to erasure||Without undue delay|
|The right to restrict processing||Without undue delay|
|The right to data portability||One month|
|The right to object||On receipt of objection|
|Rights in relation to automated decision making and profiling.||Not specified|
LAWFULNESS OF PROCESSING
There are six alternative ways in which the lawfulness of a specific case of processing of personal data may be established under the GDPR. It is our policy to identify the appropriate basis for processing and to document it, in accordance with the Regulation. Three of the six options that apply to us are described briefly as follows:
Unless it is necessary for a reason allowable in the GDPR, we will always obtain explicit consent from you to collect and process your data. Transparent information about our usage of your personal data will be provided to you at the time that consent is obtained and your rights with regard to your data explained, such as the right to withdraw consent. This information will be provided in an accessible form, written in clear language and free of charge.
Performance of a Contract
Where the personal data collected and processed are required to fulfil a contract with you, explicit consent is not required. This will often be the case where the contract cannot be completed without the personal data in question e.g. we can't deliver to you without an address to deliver to.
If the processing of specific personal data is in the legitimate interests of Bluebella and is judged not to affect the rights and freedoms of the data subject in a significant way, then this may be defined as the lawful reason for the processing. The reasoning behind this view will be documented.
SHARING YOUR INFORMATION
CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
Please go to our Privacy Notice below, where we explain the various ways that you can exercise your rights. You can opt-out of us selling your personal information, submit a subject access request, or request that we erase your personal information. If you have any further questions, please contact our Data Protection team at firstname.lastname@example.org
Bluebella is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Bluebella may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
BASIS ON WHICH WE PROCESS PERSONAL DATA
Personal data we hold about you will be processed either because:
- you have consented to the processing for the specific purposes described in this notice;
- the processing is necessary in order for us to comply with our obligations under a contract between you and us; or
- the processing is necessary in pursuit of a "legitimate interest", a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security.
PERSONAL DATA WE COLLECT
We may collect and process the following personal data (information that can be uniquely identified with you) about you:
- log-in details and information you provide when setting up an account on the Site ("Login Information");
- profile information you provide to us relating to your account or profile with us ("Account Information");
- contact information we collect from you (for example, your name, address, telephone number, email address) ("Contact Information");
- information we collect which relates to orders you have placed with us, including products you have ordered, shipping destinations the price of products you have ordered and any customisation ("Order Information");
- information provided to us relating to payment including credit or debit card details ("Payment Information");
- Information provided in relation to personal preferences and interest and survey information (“Personal Preference Information)
- a record and details of any correspondence or communication between you and us or relating to any complaint submitted to us ("Communication Information");
- details of your visits to the Site, the resources and pages that you access and any searches you make ("Technical Information");
Generally we collect personal data directly, but we may obtain data from third parties from time to time. For instance we may licence data from a postcode database in order to ensure efficient shipping. If we do obtain your personal data from a third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
You do not have to supply any personal information to us but the Site may not be operable without providing data to us. In particular we will be unable to fulfil an order without collecting some personal data from you.
You may withdraw our authority to process your personal data (or request that we restrict our processing – see your privacy rights below) at any time but we will be entitled to complete any orders we are then processing and we may need to withhold some personal data for legal or other reasons.
HOW WE PROCESS YOUR PERSONAL DATA
Please see the table below, which sets out the manner in which we will process the different types of personal data we hold:
Purpose or Activity
Type of data
Lawful basis for processing including basis of legitimate interest
When you register with the Site
When you update or amend your account details
When we fulfil an order for products placed with us
When you seek to cancel or change an order
To manage our relationship with you which will include:
To administer and protect our business, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data
To use data analytics to improve the Site, services, marketing, customer relationships and experiences
We may periodically send emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
Customer and order information is processed by Shopify Inc., which is based in the United States.
SHARING YOUR INFORMATION
We do not disclose any personal data you provide to any third parties other than as follows:
- If you place an order personal information relevant to your delivery will be provided to our shipping partner;
- We may host personal data with third party hosting partners;
- Certain third party suppliers including technical support providers may have access to personal data;
- where we carry out research to gain an insight into the use of our services, the results of this research (but not your personal data itself) may be transferred to interested third parties;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
- in order to enforce any terms and conditions or agreements for our services that may apply;
- we may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
- to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- We sometimes make our mailing list available to third party companies whose products we thought might interest you. Occasionally we may also make our mailing list available to established charities. We reach these other companies and charities directly or via a data co-operative. A data co-operative collects data and customer information across a range of different retailers. The data co-operative then analyses that information to help the participating companies tailor their communications. The data co-operatives may also use the customer information for their own marketing or commercial purposes. To opt out of sharing your personal data with third parties, please email our Data Protection team at email@example.com
Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so . If we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.
MARKETING & PRIVACY PREFERENCES
- UNSUBSCRIBING FROM OUR CATALOGUES:
From time to time we will send you catalogues and promotions by post. If you no longer wish to receive postal mailings from us, email firstname.lastname@example.org with your name & postal address, which can be found on the back of your latest catalogue.
Please note catalogues are printed in advance so you may receive one further mailing after opting out.
- UNSUBSCRIBING FROM OUR NEWSLETTERS:
We will ask you for your email address so that we can send you an order confirmation and any further delivery information. From time to time we will send you special offers and promotions. If you no longer wish to receive these promotions, please click on the unsubscribe link at the bottom of the email, or contact please email email@example.com
- UNSUBSCRIBING FROM OUR MESSAGING:
We will ask you for your phone number so that we can send you special offers and promotions. If you no longer wish to receive these messages, please text the keyword STOP to our shortcode to opt out of receiving our text messages.
- CAN I GO BACK ON YOUR MAILING LIST?
If you have previously asked us not to send catalogues and promotions by post or email but have changed your mind, you can resubscribe to email newsletters by signing up again via the website signup form. For promotions by post please email firstname.lastname@example.org.
- OPTING OUT OF THIRD PARTY MAILINGS
If you no longer want third party mailings, please email email@example.com with your name and address.
- DO NOT SELL MY INFORMATION
You have the right to request not to sell your personal information that we have collected and will process your request in 15 days and notify any relevant third parties. You opt back in at anytime using the same email address as opting out. Make your request by emailing our Data Protection team at firstname.lastname@example.org.
- DELETION OF PERSONAL INFORMATION
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. We will delete, and direct our service-providers to delete, your personal information from our records, unless an exception applies. You can make your request by emailing our Data Protection team at email@example.com.
We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):
- protecting our servers by both hardware and software firewalls;
- locating our data processing storage facilities in secure locations;
- encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;
- disposing or deleting your data securely;
- regularly backing up and encrypting all data we hold.
We will ensure that our employees are aware of their privacy and data security obligations. We will take reasonable steps to ensure that the employees of third parties working on our behalf are also aware of their privacy and data security obligations.
This notice and our procedures for handling personal data will be reviewed as necessary.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try to prevent unauthorised access.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
An Internet Protocol (IP) address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. We may use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our Site, and to administer and improve the Site.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
In addition, if you came to this Site via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
TRANSFERRING YOUR INFORMATION OUTSIDE THE UK OR EEA
As part of the services provided to you the information you provide to us may be transferred to, processed and stored at, countries or international organisations outside of the UK or European Economic Area (“EEA”).
We have customers who are outside of the UK or EEA and in those circumstances, personal data will be transferred outside of the UK or EEA (for instance to shipping partners).
We will not transfer the personal data of UK or EEA customers in a systematic way outside of the UK or EEA but there may be circumstances in which certain personal information is transferred outside of the EEA, in particular:
- If you use our Site while you are outside the UK or EEA, your information may be transferred outside the UK or EEA in order to provide you with our services;
- We may communicate with individuals or organisations outside of the UK or EEA in delivering our services, those communications may include personal information (such as contact information) for example you may be outside of the UK or EEA when we communicate with you;
- From time to time, your information may be stored in devices which are used by our staff outside of the UK or EEA (but staff will be subject to our cyber-security policies).
If we transfer your information outside of the UK or EEA, and the third country or international organisation in question has not been deemed by the EU Commission or Secretary of State (as the case may be) to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice. If you would like to obtain details of the safeguards we have put in place then please contact us at firstname.lastname@example.org.
By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the UK or EEA in the manner described above.
We share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
- Mobile messaging suppliers like Attentive (read more here)
- Companies that do things to get your purchases to you, such as ecommerce providers like Shopify, payment service providers like Klarna & Amazon Pay, warehouses, order packers, and delivery companies
- Professional service providers, such as marketing agencies, advertising partners and website hosts, who help us run our business
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
- Companies approved by you, such as social media sites (if you choose to link your accounts to us), marketplaces where you can place your order like La Redoute, and Apple Pay or Amazon Pay where you choose to use their payment service
We may provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you.
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
SEEING ADVERTS FOR BLUEBELLA ONLINE
We engage in online advertising, both to keep you aware of what we’re up to and to help you see and find our products.
Like many companies, we target Bluebella banners and ads to you when you are on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges, and we use a range of advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service.
The banners and ads you see will be based on information we hold about you, or your previous use of Bluebella (for example, your Bluebella search history, and the content you read on Bluebella) or on Bluebella banners or ads you have previously clicked on.
If you have said we can, we’ll send you marketing messages by email, to keep you aware of what we’re up to and to help you see and find our products.
How to stop marketing messages from Bluebella
You can stop receiving marketing messages from us at any time. You can do this:
- By clicking "unsubscribe from this list" or "update subscription preferences" in the footer of any marketing email you receive from us
- By texting the keyword STOP to our shortcode in response to any SMS or MMS message you receive from us
- By contacting our Customer Care team
Once you do this, we will update your profile to ensure that you don’t receive further marketing messages.
Please note that, as it might take a up to 3 working days for all our systems to be updated, so you might get messages from us while we process your request.
Stopping marketing messages will not stop service communications (such as order updates and product restock notifications) or where you have expressed interest in a specific activity at Bluebella, such as the launch of new collections.
How to stop marketing messages from Marketplaces
Every Marketplace (such as La Redoute) has a separate system to ours for recording marketing preferences. We are unable to amend your preferences or unsubscribe you from their messages.
If you decide you no longer want Marketplace marketing communications, you can opt out by visiting their site and updating your preferences there, or you can click on the ‘unsubscribe’ link in any email from that Marketplace.
For the La Redoute website, you can update your preferences via the "Mes préférés" link on www.laredoute.fr
KEEPING YOUR INFORMATION
We’ll hold on to your information for as long as you have your account, or as long as is needed to be able to provide the services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.
If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even after you have closed your account or it is no longer needed to provide the services to you.
USE OF YOUR PERSONAL INFORMATION
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited email and SMS marketing communications from us if: (a) we have obtained your details in the course of a sale or negotiation for a sale of our products, and you have not objected to receiving such direct email and SMS marketing from us. Of course, we will only send you marketing emails and SMS messages that are based on similar products or services that you purchased from us and you will always have the opportunity to opt out at any time; or (b) if you have consented to receiving marketing email and SMS messages from us (you can opt-out of receiving them at any time). We do not share your personal information with companies that would send their marketing to you.
CHANGES TO HOW WE PROTECT YOUR PRIVACY
We may change this page from time to time, to reflect how we are processing your data.
If we make significant changes, we will make that clear on the Bluebella website, or by some other means of contact such as email, so that you are able to review the changes before you continue to use Bluebella.
WHAT ABOUT COOKIES?
- Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”.
- Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience.
- Customer preference cookies – when you are browsing or shopping on Bluebella, these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you.
- Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found here.
Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete Bluebella user experience that we pride ourselves on providing our customers.
TO CONTACT US OR REGISTER A COMPLAINT
How to contact us:
- By email: email@example.com
- By phone: Toll-free: 1-800-891-7057
Or direct (international calling rates apply): +44-203-176-7769
(Monday-Friday 09:00-17:30 UK Time)
You can log a complaint concerning our compliance with the data protection principles with the Information Commissioner
If you choose to receive e-mail marketing from Bluebella, we can tell you about new collections and offers. Remember you are in control and you can manage your preferences at any time.
If you would like to stop receiving marketing e-mails from us, you can unsubscribe or change your preference at any time by clicking "unsubscribe from this list" or "update subscription preferences" in the footer of any marketing email you receive from us, or by e-mailing us at firstname.lastname@example.org with the header ‘Unsubscribe’
If you believe that any information we have about you is incorrect or incomplete, please e-mail us at email@example.com. We will promptly correct any information found to be incorrect.
You have the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Our commitment to you: No personal data is ever sold to third parties.
Company name: Bluebella Limited
Address: Brickfields, Unit 201, 37 Cremer Street, Hoxton, London, E2 8HD, United Kingdom